Skip to content
This repository was archived by the owner on Jul 27, 2023. It is now read-only.

Commit c7eeabe

Browse files
committed
Added env variables to control args scrubbing
1 parent 3111818 commit c7eeabe

2 files changed

Lines changed: 59 additions & 0 deletions

File tree

config/config.go

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -411,6 +411,17 @@ func mergeEnv(c *AgentConfig) *AgentConfig {
411411
}
412412
}
413413

414+
// Process Arguments Scrubbing
415+
if enabled, err := isAffirmative(os.Getenv("DD_SCRUB_ARGS")); enabled {
416+
c.Scrubber.Enabled = true
417+
} else if !enabled && err == nil {
418+
c.Scrubber.Enabled = false
419+
}
420+
421+
if v := os.Getenv("DD_CUSTOM_SENSITIVE_WORDS"); v != "" {
422+
c.Scrubber.AddCustomSensitiveWords(strings.Split(v, ","))
423+
}
424+
414425
if v := os.Getenv("DD_AGENT_PY"); v != "" {
415426
c.DDAgentPy = v
416427
}

config/config_test.go

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,54 @@ func TestOnlyEnvConfig(t *testing.T) {
7878
os.Setenv("DD_API_KEY", "")
7979
}
8080

81+
func TestOnlyEnvConfigArgsScrubbingEnabled(t *testing.T) {
82+
os.Setenv("DD_SCRUB_ARGS", "true")
83+
os.Setenv("DD_CUSTOM_SENSITIVE_WORDS", "*password*,consul_token,*api_key")
84+
85+
agentConfig, _ := NewAgentConfig(nil, nil)
86+
assert.Equal(t, true, agentConfig.Scrubber.Enabled)
87+
88+
cases := []struct {
89+
cmdline []string
90+
parsedCmdline []string
91+
}{
92+
{[]string{"spidly", "--mypasswords=123,456", "consul_token", "1234", "--dd_api_key=1234"},
93+
[]string{"spidly", "--mypasswords=********", "consul_token", "********", "--dd_api_key=********"}},
94+
}
95+
96+
for i := range cases {
97+
cases[i].cmdline = agentConfig.Scrubber.ScrubCmdline(cases[i].cmdline)
98+
assert.Equal(t, cases[i].parsedCmdline, cases[i].cmdline)
99+
}
100+
101+
os.Setenv("DD_SCRUB_ARGS", "")
102+
os.Setenv("DD_CUSTOM_SENSITIVE_WORDS", "")
103+
}
104+
105+
func TestOnlyEnvConfigArgsScrubbingDisabled(t *testing.T) {
106+
os.Setenv("DD_SCRUB_ARGS", "false")
107+
os.Setenv("DD_CUSTOM_SENSITIVE_WORDS", "*password*,consul_token,*api_key")
108+
109+
agentConfig, _ := NewAgentConfig(nil, nil)
110+
assert.Equal(t, false, agentConfig.Scrubber.Enabled)
111+
112+
cases := []struct {
113+
cmdline []string
114+
parsedCmdline []string
115+
}{
116+
{[]string{"spidly", "--mypasswords=123,456", "consul_token", "1234", "--dd_api_key=1234"},
117+
[]string{"spidly", "--mypasswords=123,456", "consul_token", "1234", "--dd_api_key=1234"}},
118+
}
119+
120+
for i := range cases {
121+
cases[i].cmdline = agentConfig.Scrubber.ScrubCmdline(cases[i].cmdline)
122+
assert.Equal(t, cases[i].parsedCmdline, cases[i].cmdline)
123+
}
124+
125+
os.Setenv("DD_SCRUB_ARGS", "")
126+
os.Setenv("DD_CUSTOM_SENSITIVE_WORDS", "")
127+
}
128+
81129
func TestConfigNewIfExists(t *testing.T) {
82130
// The file does not exist: no error returned
83131
conf, err := NewIfExists("/does-not-exist")

0 commit comments

Comments
 (0)